Currently trending CVE - Hype Score: 8 - Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Currently trending CVE - Hype Score: 10 - Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Currently trending CVE - Hype Score: 11 - Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a security feature over a network.
Currently trending CVE - Hype Score: 18 - Relative path traversal in Windows Admin Center allows an authorized attacker to execute code over a network.
Currently trending CVE - Hype Score: 14 - Post-authentication improper control of generation of code ('Code Injection') vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute ...
Currently trending CVE - Hype Score: 14 - A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.
Currently trending CVE - Hype Score: 17 - Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.
Currently trending CVE - Hype Score: 18 - Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.
Currently trending CVE - Hype Score: 26 - Description information displayed in the site administration live log
required additional sanitizing to prevent a stored XSS risk.
Currently trending CVE - Hype Score: 6 - A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version <=TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve ...
Currently trending CVE - Hype Score: 6 - Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
Currently trending CVE - Hype Score: 1 - httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in _decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP ...
Currently trending CVE - Hype Score: 3 - The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.5.0.4. This is due to insufficient input sanitization and output escaping in the ...
Currently trending CVE - Hype Score: 1 - The Starboard Suite Reservation Calendars plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in the [starboard-suite-lightbox] shortcode in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output ...
Currently trending CVE - Hype Score: 2 - Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation.
This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
Currently trending CVE - Hype Score: 2 - Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass.
This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
Currently trending CVE - Hype Score: 2 - The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJAX action being registered with wp_ajax_nopriv_ and protected only by a nonce ...
Currently trending CVE - Hype Score: 3 - A possible security vulnerability has been identified in Apache Kafka.
By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator`. It accepts any JWT token without validating its signature, ...
Checked
8 hours 7 minutes ago
Get the latest rankings and info for CVEs currently trending on social media